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Information Assurance (IA) 


• IA (U.S. Definition) 

Measures that protect and defend information and information systems 
by ensuring their availability, integrity, authentication, confidentiality, 
and non-repudiation. This includes providing for restoration of 
information systems by incorporating protection, detection and reaction 
capabilities. 



Protect - Provides for the availability, integrity, authenticity, confidentiality, and 
non-repudiation of information or transactions 

Detect - Provides for the ability to detect efforts to disrupt and deny services 

React - Provides for reconstitution of information and services in case of a 
successful disruption or denial 
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Definitions 


• Availability - Information and information systems are available when 
needed to support mission critical, mission support, and administrative 
purposes. 

• Integrity - Data is unchanged from its source--has not been 
accidentally or maliciously altered. 

• Authentication - Data, and their originators, are authentic, and that a 
recipient is eligible to receive specific categories of information 

• Non-Repudiation - Strong and substantial evidence of an information 
exchange or transaction. 

• Confidentiality - Information can be read only by authorized entities 
e.g. encryption 
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Information Assurance - 
Emphasis Starts at the Top 



SECDEF’s Transformational Goals*: 


• First, to defend the U.S. homeland and other bases of operations, 
and defeat nuclear, biological and chemical weapons and their 
means of delivery; 

• Second, to deny enemies sanctuary—depriving them of the 
ability to run or hide—anytime, anywhere. 

• Third, to project and sustain forces in distant theaters in the face 
of access denial threats; 

• Fourth, to conduct effective operations in space; 

• Fifth, to conduct effective information operations; and, 

• Sixth, to leverage information technology to give our joint forces 
a common operational picture. 




“....Protect our information networks from attack”... 

...Use information technology to link up different 
kinds of US forces so that they can in fact fight 
jointly... ” 


* From Secretary Rumfeld’s speech to the National Defense Tfniversity 21 Jan 2002 










Information Assurance - 
Senior Leadership Emphasis 


Our ability to leverage the power of 
information will be key to our success in the 
21st Century. I am committed to: 

* Make information available on a network 
that people depend on and tnist 

• Populate the network with new, dynamic 
sources of information to defeat the 
enemy 



• Deny the enemy information advantages 

and exploit weakness to support Network 
Centric Warfare and the transformation of 
DoD business processes. 


John P. Stenbit 
ASD(NII) 
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Information Security & Global Networks 


Global Economy 

Global Information 
Environment 

Electronic Security Must Be 
Global 

U.S. Cannot “Solve" Problem 
Unilaterally 

International Cooperation 
Required 




Think Global! 
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Malicious Activity 
Continues to Climb 



Growth Per Month 

(Internet - “Wild List") 


As of 1 Jan 03 



Detected “Events" 


50,000 
45,000 
40,000 - 
35,000 - 
30,000 
25,000 - 
20,000 - 
15,000 
10,000 
5,000 - 
0 


As of 1 Jan 03 


46,057 


40,076 


22,144 2 3 ! 6® 2 


5,844 


225 559 730 780 


94 95 96 97 98 99 00 01 02 


”Information Networks must 
be controlled, protected, and 
managed as effectively as 
weapon systems” 

Lt Gen Harry D. Raduege, 

DISA Director 


Unauthorized DoD Intrusions 



30% 


rn “New” Intrusion Method 
L - 1 or Under Analysis 

□ “Multiple Vulnerabilities” 
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Net-Centric Warfare 



In NCW, the Network is the 
center of gravity: 

the focus on which all elements of combat power depend 



Transportation 
Logistics 











































Scope of the IA Mission 





Sensor-to 

-Shooter 


Weapon 

Systems 


Logistic systems 


Sustaining base 
Systems and 
Business systems 



Command & Control 
(C2) systems 
Situation awareness 

Infrastructure 
Power projection 
platforms and 
communications 
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The Changing Technology 
Environment 


• PAST 

- dedicated circuits 

- stovepiped systems 

- government 
developed 

and produced 
solutions 

- “risk avoidance” 

- limited cooperation 
with industry 

- government-owned 
and 

- controlled security 
mgt infrastructure 
(SMI) 


PRESENT 

- highly interconnected 

- interdependent 

- commercial technology 
forms the basis for 
solutions 

- “risk management” 

- full and open 
cooperation with 
industry 

- global interoperable 
public key-based SMI 


• FUTURE 

- genetic algorithms 

- neural networks 

- intelligent agents 

- nano-technologies 

- distributed computing 

- wireless 

- changing architectures, 
operations, technology 
all aimed at leveraging 
the “richness and 
reach” of the internet 

- where are the 
boundaries? 


We cannot affoni to “stay, the cour^eZ 
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I A Mission and Strategy 

Assure DoD’s Information, Information Systems and Information 
Infrastructure and Support DoD’s Transformation to Network and Data 

Centric Operations and Warfare 


Goals 


Objectives 



Define Protection 
Criteria for 
Netcentric Opns 


Develop & Deploy 
Protection 
Capabilities 



Evaluate & Deploy 
CND Tools and 
Capabilities 



Create SA 
Visualization 
capabilities 


Coordinate IA ops 
& decisions 



Improve strategic 
decision making 


Expedite dynamic IA 
capabilities through 
innovation 


Transform SMI 


Establish vertical & 
horizontal defense 
mechanisms w/l 
CND RAF 


Harmonize 
NETOPS, IO, CNA, 
CND relationships 


Enable Information 
sharing & 
collaboration 



Provide 

trained/skilled 

personnel 


Enhance IA skill 
levels 


Infuse IA into other 
disciplines 
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TheDoD IA Strategy 


No Single Solution! 


OPERATIONS 


TECHNOLOGY 


PERSONNEL 


• Solution requires a multidimensional approach 

• Trained and disciplined personnel 

• Improved operations (including updated policies) 

• Innovations in technology 

• Solutions must address importance of Information 
Technology in elements of the Critical Infrastructure, 
for example, Power, Transportation, other 
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I WANT YOU 
for INFORMATION 
ASSURANCE 
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BACKUP 
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Personnel 


• Cyber security training and awareness 

- Platform Training 

- Computer Based Training (CBT) 

- Video 

• Certification of information system operators, administrators, and 
maintainers 

• Career field management - focus on retention 

• Partnership with industry for cooperative internships 

• National InfoSec Education & Training Program 

• Academic Centers Of Excellence (36 today) 
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Operations 


• Integrated Information Assurance Policy 

• Information Assurance Vulnerability Alert (IAVA) Process 


- Positive Control 


• Service and Agency Computer Emergency Response Teams 

• Joint Task Force - Computer Network Operations (JTF-CNO) 

- Coordination within the Department of Defense, and with other government 
departments and agencies 

• Continuous Vulnerability Analysis and Assessment Program 

• Exercises to test protection, detection, and response capabilities 
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Technology 


• Full spectrum Information Assurance solutions 


- Layered Information Assurance strategy (Defense-in-Depth) 

- Deployment of intrusion detection technology 

- Strategic partnership with industry 

• Security-enabled commercial products 

• Open security framework 

- National Information Assurance Partnership (NIAP) 

• Common Criteria evaluations 



• Global, interoperable Security Management Infrastructure 

• R&D for highly assured products and systems 

• R&D for real-time monitoring, data collection, analysis, and 
visualization 
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IA Strategy and Defense-in- 
Depth (DiD) Interface 


Defense-in- 
Depth: Establishes 
our defenses in 
place and gives 
DoD a basic 
defensive 
framework 


IA Strategy: 

Takes concepts 
of DiD and 
brings the 
warfighter into 
the IA arena 
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